Distributed Denial of Services (DDoS) attacks occur when multiple systems flood the bandwidth or resources of a targeted system such as a server hosting a website. Because DDoS attacks may not result in hacking into a website, but rather act more like normal business communications, they may be harder to identify as an attack.
Conventional methods for reducing the impact of DDoS attacks include deliberately infecting one's own computer with DDoS malware in order to understand how a computer can be used as part of what is known as a botnet (i.e., a network of infected machines) to target other machine on a command from a controller machine. This may allow identification of the orders the members of a botnet receive, the IP address of the machine issuing the attack command, and identify those responsible for the attacks. Websites may monitor the normal traffic generated when browsing websites and E-mail traffic to help determine whether the traffic has different characteristics than are associated with normal business traffic to determine if a DDoS attack is occurring and where it originated. Websites may also use blacklists may be used to block messages from known attackers.